AWS API calls that return credentials

kmcquade commented Dec 24, 2020

This one is really interesting. I was reading about how to link up AWS Chatbot to Slack and thought about the potential for using Slack as an attack vector. Seems like AWS has anticipated this; the AWS Chatbot documentation says here that they do not support commands denied by the following IAM Policy:

```json
{
  "Statement": [
    {
      "Action": [
        "<denied action list not preserved in this copy of the comment>"
      ],
      "Effect": "Deny",
      "Resource": "*"
    }
  ],
  "Version": "2012-10-17"
}
```

There is a strong overlap between that list and the ones provided on my list above.

If you are looking to prevent Data Exfiltration and Credential Exposure, I would suggest blocking the combination of both of these.
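As an added example (not part of the gist or of kmcquade's comment), a small Python helper that merges two deny-action lists into one IAM policy document shaped like the one above and then checks individual actions against it using IAM-style wildcard matching. The action names in both lists are illustrative entries that happen to be real IAM actions; they do not reproduce either the Chatbot deny list or the gist's list.

```python
import fnmatch
import json

# Illustrative entries only: neither list reproduces the gist's
# "API calls that return credentials" list or the full AWS Chatbot deny list.
CHATBOT_DENIED = ["iam:*", "sts:*", "kms:*", "ec2:GetPasswordData"]
CREDENTIAL_RETURNING = ["sts:AssumeRole", "ecr:GetAuthorizationToken",
                        "redshift:GetClusterCredentials", "ec2:GetPasswordData"]


def merge_deny_actions(*lists):
    """Union of the action lists, dropping entries already covered by a
    broader wildcard entry (e.g. sts:AssumeRole is covered by sts:*)."""
    actions = sorted({a for lst in lists for a in lst})
    keep = []
    for a in actions:
        covered = any(p != a and fnmatch.fnmatchcase(a, p) for p in actions)
        if not covered:
            keep.append(a)
    return keep


def build_deny_policy(actions):
    """Wrap the merged action list in a single Deny statement on Resource *."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Deny", "Action": actions, "Resource": "*"}],
    }


def is_denied(action, policy):
    """True if the action matches any Deny statement's Action patterns.
    IAM matches actions case-insensitively and treats * and ? as wildcards;
    fnmatch's * also spans the ':' separator, as IAM's does."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        for p in patterns:
            if fnmatch.fnmatchcase(action.lower(), p.lower()):
                return True
    return False


if __name__ == "__main__":
    merged = merge_deny_actions(CHATBOT_DENIED, CREDENTIAL_RETURNING)
    print(json.dumps(build_deny_policy(merged), indent=2))
```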


kmcquade commented Jan 3, 2021

Note: I reflected this in a recent blog post:
